Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn’t
Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn’t
Publish Date: 2026-06-15 09:22:00
Source Domain: securityaffairs.com
Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn’t
Pierluigi Paganini
June 15, 2026
Novo Nordisk suffered a cyberattack where clinical trial data was copied. The breach is confirmed, but no threat actor has claimed responsibility.
The Danish pharmaceutical giant Novo Nordisk disclosed a cybersecurity breach that resulted in unauthorized access to internal IT systems and the theft of personal data. The company sells some of the most in-demand drugs on the planet right now, which makes it an obvious target. Attackers got in, copied data, and left.
The company’s incident page was updated in stages as the investigation progressed.
“Novo Nordisk A/S recently identified an IT security incident involving unauthorised access to a limited number of internal IT systems.” reads the notice published by the company. “The incident included unauthorised access to certain personal data stored on the internal IT systems.”
That’s the confirmation that this wasn’t just unauthorized access to systems; data actually left the building.
Two groups were affected: clinical trial patients and healthcare providers. For patients, the data is pseudonymized, which limits the immediate damage but doesn’t make it irrelevant.
The company was direct about what the exposed patient data doesn’t include.
“The incident affected a limited amount of information related to patients participating in some of our clinical trials. This information is not directly linked to any patients by name or other direct identifiers. Information about identity would therefore require access to underlying information, identifying patients by name etc.” continues the notice. “This information was not exposed. We therefore do not consider the incident to enable any third party to identify participants in our clinical trials.”
What was exposed includes randomly assigned patient…
